Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K93445609
HistoryFeb 29, 2016 - 12:00 a.m.

K93445609 : phpMyAdmin vulnerabilities

2016-02-2900:00:00
my.f5.com
20

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Security Advisory Description

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
Impact
There is no impact; F5 products are not affected by this vulnerability.

Related

fedora 2
f5 1
nessus 23
mageia 1
openvas 8
typo3 1
osv 7
debian 4
freebsd 9
cve 9
debiancve 9
nvd 9
phpmyadmin 9
ubuntucve 9
github 3
cvelist 9
prion 9
fedora
fedora
[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.4-1.fc22
2016-02-01 06:34:04
[SECURITY] Fedora 23 Update: phpMyAdmin-4.5.4.1-1.fc23
2016-02-03 20:52:02
f5
f5
SOL93445609 - phpMyAdmin vulnerabilities
2016-02-29 00:00:00
nessus
nessus
Fedora 23 : phpMyAdmin-4.5.4.1-1.fc23 (2016-e55278763e)
2016-03-04 00:00:00
Fedora 22 : phpMyAdmin-4.5.4-1.fc22 (2016-e1fe01e96e)
2016-03-04 00:00:00
openSUSE Security Update : phpMyAdmin (openSUSE-2016-151)
2016-02-08 00:00:00
mageia
mageia
Updated phpmyadmin/phpseclib packages fix security vulnerability
2016-02-05 20:26:09
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0051)
2016-02-08 00:00:00
Debian: Security Advisory (DLA-481-1)
2023-03-08 00:00:00
phpMyAdmin Multiple Vulnerabilities -01 (Feb 2016)
2016-02-23 00:00:00
typo3
typo3
Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
2016-03-10 00:00:00
osv
osv
phpmyadmin - regression update
2016-05-18 00:00:00
phpmyadmin - security update
2016-05-18 00:00:00
phpmyadmin - security update
2016-01-30 00:00:00
debian
debian
[SECURITY] [DLA 481-1] phpmyadmin security update
2016-05-18 18:57:16
[SECURITY] [DLA 481-2] phpmyadmin regression update
2016-05-30 18:36:20
[SECURITY] [DLA 406-1] phpmyadmin security update
2016-01-30 22:52:45
freebsd
freebsd
phpmyadmin -- XSS vulnerability in normalization page
2016-01-28 00:00:00
phpmyadmin -- Multiple XSS vulnerabilities
2016-01-28 00:00:00
phpmyadmin -- Unsafe comparison of XSRF/CSRF token
2016-01-28 00:00:00
cve
cve
CVE-2016-2043
2016-02-20 01:59:06
CVE-2016-2040
2016-02-20 01:59:03
CVE-2016-2045
2016-02-20 01:59:08
debiancve
debiancve
CVE-2016-2043
2016-02-20 01:59:06
CVE-2016-2038
2016-02-20 01:59:01
CVE-2016-2044
2016-02-20 01:59:07
nvd
nvd
CVE-2016-2043
2016-02-20 01:59:06
CVE-2016-2040
2016-02-20 01:59:03
CVE-2016-2045
2016-02-20 01:59:08
phpmyadmin
phpmyadmin
XSS vulnerability in normalization page.
2016-01-24 00:00:00
Multiple full path disclosure vulnerabilities.
2016-01-23 00:00:00
Unsafe comparison of XSRF/CSRF token.
2016-01-24 00:00:00
ubuntucve
ubuntucve
CVE-2016-2043
2016-02-20 00:00:00
CVE-2016-2041
2016-02-20 00:00:00
CVE-2016-2040
2016-02-20 00:00:00
github
github
phpMyAdmin XSS Vulnerability
2022-05-14 02:08:30
phpMyAdmin Unsafe comparison of XSRF/CSRF token
2022-05-14 02:08:30
phpMyAdmin Cryptographic Vulnerability
2022-05-17 03:43:03
cvelist
cvelist
CVE-2016-2038
2016-02-20 01:00:00
CVE-2016-2045
2016-02-20 01:00:00
CVE-2016-2041
2016-02-20 01:00:00
prion
prion
Design/Logic Flaw
2016-02-20 01:59:00
Cross site scripting
2016-02-20 01:59:00
Design/Logic Flaw
2016-02-20 01:59:00

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON
Related for F5:K93445609
fedora2f51nessus23mageia1openvas8typo31osv7debian4freebsd9cve9debiancve9nvd9phpmyadmin9ubuntucve9github3cvelist9prion9